|
I thought I would write something technical today, for a change. Here I am, a reasonably well paid Network Engineer and I hardly ever write about anything networky. So here goes:
Having recently spent a large amount of time tuning my own wireless networks and helping out other people with theirs, I thought I would write a quick article about wireless networking. Having also been someone who sits in remote offices and finds unsecured wireless networks, I thought I would write a bit about securing your network.
Q. What range does my wireless network have?
A. The ranges of a home wireless LAN depend on the wireless access point (WAP) used. Things that affect a WAPs range: - the 802.11 protocol used
- the power of the transmitter
- the use of builtin or external aerials
- the type of obstructions or interference
Theoretically, 802.11a has a maximum range of 100ft and 802.11b and 802.11g have a maximum range of 300ft (dependent on whether it is indoors or outdoors - indoors can be a lot less)
Things such as brick walls, metalwork and bunches of electrical cables can reduce the range by more than 25%. 802.11a is a lot more susceptible to obstructions and interference than 802.11b/g, but all types can be affected. You can extend a Wi-Fi LAN by using multiple wireless access points - look for devices that support technologies like extenders, repeaters or bridging such as WDS (Wireless Distribution System). You can also increase the power of the transmitters by the use of external aerials or boosters.
Q. What can I do to secure my wireless network?
A. Several things- Change the default password
Most access points have a documented default password for when you first setup your wireless network, so that you can configure your access point to suit your needs. Change the password to something you remember and use a strong password by mixing upper and lower case with numbers. It makes password cracking by brute force (running through a list of possible words) much, much harder. - Turn on encryption
All wireless equipment supports encryption of some degree or other. Encryption means that the information sent between the wireless devices is scrambled and made unreadable unless you know what the "key" is. The two most common methods of encryption is WEP or WPA. They both rely on keys or passphrases which must be configured on the access point and on all the devices using the network. At the time of writing, WEP encryption has been cracked (it takes some time but it can be done) whereas WPA/WPA2 is still safe to use. Turn on encryption - Change the Default SSID
All access points and routers come with a default network name or SSID. Most manufacturers send out their products with the same default SSID, such as "belkin54g", "linksys", etc. If someone finds your wireless network and can see a default SSID, they already know what equipment you are using. If they know what equipment you are using and you haven't changed the password (see above), they can start working on getting into your network. So change the default SSID. - Enable MAC Address Filtering
Every piece of networking equipment (wired or wireless) has a unique identifier called the "MAC address." Wireless access points use the MAC addresses to track what connects to them. Most access points give you the option to "filter" these address or limit what MAC addresses can connect to it. Set MAC address filtering on and add the addresses of all the wireless equipment you are using. - Disable SSID Broadcast
By default, most access points broadcast their network name (SSID) to all and sundry. The problem here is that if you have left your SSID at the default, you could be telling people what kit you have and that can lead to lots of problems (see above). If you have changed it, all the better, but having it broadcast can leave others tempted to try and have a go. As long as you know what the SSID is for your network (for when you are configuring new devices), you dont need it broadcast. Turn it off. - Don't use DHCP
Most networks use dynamic IP addressing (DHCP), as it makes life easier and requires less management. However, should someone be able to get access to your network, it will automagically give them an IP address on your network and they then have pretty much unfettered access to everything your network provides. Turn off DHCP and assign static IP address to each device on your network.
|
